JetBrains Qodana 2023.3: New code quality features
Our team has been hard at work listening to your feedback and creating new features that can help you enhance code quality and increase compliance. Let’s take a look at what to expect in the latest release, JetBrains Qodana 2023.3.
What’s new for .NET?
EAP launched for Qodana Community linter for .NET
Previously, if you wanted to run the community version of ReSharper’s code analysis outside of an IDE (on your CI/CD server), you’d use InspectCode from ReSharper Command Line Tools.
With this 2023.3 release, we’re launching the Early Access Program (EAP) for the Qodana Community linter for .NET that will replace it!
Why? While Qodana is also based on the same static code analysis engine as ReSharper, it offers several additional benefits.
With Qodana, you can:
- View analysis results with a signature sunburst diagram in Qodana Cloud.
- Quickly assess the project’s overall health.
- Use the baseline to manage technical debt.
We will not discontinue the ReSharper Command Line Tools for now, but moving forward, the Qodana Community linter for .NET will be the preferred way to run the community version of ReSharper’s analysis outside of an IDE.
Paid Qodana linters for .NET now allow you to run third-party license audits and detect vulnerable dependencies, both of which are not included in ReSharper.
The Qodana license audit comprises two levels of capability to help your business keep licenses in check and stay compliant.
What’s new in the license audit feature in this release?
- License Information Collection: Automatically gather and display all license information from project dependencies in the License Audit tab.
- License Compliance Checker: Assess license compliance and identify potential legal risks associated with the licenses of dependencies.
To view and download the license audit results, open your project in Qodana Cloud where the inspection was executed and navigate to the License audit tab.
- Expand the list to see the dependency tree.
- Toggle between viewing all licenses or only incompatible ones.
- View license rules of compatibility.
- Click the Download license list button to download the list of dependencies in MD, XML, HTML, CSV, or an advanced SPDX format.
.NET native mode for .NET Framework
Qodana now runs in a native environment, enabling you to use packages from private NuGet feeds and to analyze projects targeting .NET frameworks on Windows agents. You can run Qodana on the same machine you use to build the distribution. Before you launch the analysis, we recommend building sources by supplying a build command to the `bootstrap:` section of the `qodana.yaml` file.
License audit “software bill of materials” (SBOM) export
The SPDX format contains not only a list of dependencies, but also a structure of the project, checksum of libraries, copyrights, and included license text — all included in the software bill of materials (SBOM).
Simply click the Download license list button to retrieve the license audit report.
Code coverage for .NET, Go, and Python
In the latest Qodana release, we added inspections that will help you identify if the coverage of a method, class, or file falls below a predefined threshold. The resulting coverage will be calculated and displayed in both the command-line interface (CLI) output and the Qodana Cloud UI.
Inspections are enabled by default and included in both of our inspection profiles, Starter and Recommended. To start seeing test coverage results, simply provide test data.
To utilize this feature, you can either map the directory with coverage reports to the `/data/coverage` directory if you’re using Docker images, or put them into `.qodana/code-coverage` in the root folder of the project you’re analyzing. Tests should be run by developers and store data on execution.
Calculating code coverage requires additional information provided by test frameworks:
- Access the code coverage framework, Coverlet, to get .NET code coverage.
- Use `% go test –coverprofile=coverage.out` to run unit tests. No additional conversions needed.
VS Code extension
We recently announced that you can now expand JetBrains code quality intelligence to your mixed team of developers – using VS Code or many of the most popular JetBrains IDEs.
Enhance your search capabilities for vulnerabilities
Qodana can help your team find vulnerable dependencies in projects. But this raises another important question: “Is your code actually using a vulnerable API?”.
Now we can answer this question not only for Java, Kotlin, and PHP, but also for Go, JS, and Python. This functionality works out of the box for JetBrains Qodana, as well as your JetBrains IDE.
Fresh updates to your Qodana IDE plugin
The Qodana team has made design updates to upgrade the UI in the latest version of the Qodana IDE plugin. To avoid confusion when switching between branches, you can now view the analysis results that match your branch in the IDE.
To learn more about our IDE plugin, watch this video by Developer Advocate Anton Arhipov about unlocking code quality with the Qodana IDE plugin.
That’s all for now – but keep in mind that these are only a few of the highlights! Take a look at the release notes for more details, additional features, and the capabilities of Qodana 2023.3 we haven’t included here.
Talk to the Qodana team about code quality done right
If you have any questions or suggestions – or simply want to learn more about how Qodana can help your team and your business – post a comment here, tag us on X (formerly Twitter) or LinkedIn, or contact us at firstname.lastname@example.org.
Your Qodana team
Subscribe to Blog updates
Qodana for .NET 8 is almost ready! Try the EAP and let us know what you think
Qodana now supports .NET 8, starting from the 2023.3-eap version, with plans to release the official linter before the end of the year.
Qodana Is Out Of Preview With First-Class JetBrains IDE Integration
Today, Qodana announces a huge milestone: It’s no longer in preview and is available commercially with some major improvements. Get in now to enjoy a 50% discount on your first year.
Qodana 2023.1: Flexible Profile Configuration, Support for Migration to the Kotlin/JS IR Compiler, License Compatibility Checks for Go, Plugin Integrations, and 30+ New Inspections
The new Qodana release is live with major enhancements to help you ensure your code is of the highest quality.